Content use device and recording medium

ABSTRACT

To provide a content playback device that can use content appropriately by avoiding output of content not permitted to be used according to contract information. A playback control unit  102  extracts a content name from playback control information in a playback path information table  210,  and inquires of a rights management unit  108  whether content identified by the extracted content name is playable or not. If the content is judged as being unplayable, the playback control unit  102  extracts an alternative playback number from the playback control information, and extracts a content name from playback control information whose playback number matches the alternative playback number. The playback control unit  102  then instructs a decryption unit  103  and a playback unit  107  to decrypt and play back encrypted content identified by the extracted content name.

TECHNICAL FIELD

The present invention relates to a content use device capable ofprotecting a copyrighted work, and a recording medium on which acopyrighted work is recorded.

BACKGROUND ART

Recording media, e.g. DVDs, on which copyrighted works such as moviesand music are recorded in digital form, are widely used in recent years.

The DVD standard employs playback path control based on navigation data.According to this technique, a playback path of content can be specifiedusing navigation data. Also, the playback path can be interactivelyaltered by the user through a remote control (see Japanese PatentApplication Publication No. H10-336568).

Meanwhile, a content delivery system that uses DRM (Digital RightsManagement) is becoming common in recent years. According to DRM, alicense is provided separately from encrypted content. The licensecontains a license key and a use condition. The encrypted content isdecrypted using the license key and the decrypted content is playedback, based on the use condition.

Consider a case where DRM is used in playback path control over a DVD onwhich a movie is recorded. A playback device selects content throughplayback path control, and checks a use condition of the content. Here,suppose the use of the content is not permitted under the use condition.If the playback device plays the content despite the use condition, thecopyright of the content is violated. If the playback device does notplay the content in compliance with the use condition, on the otherhand, part of the scenes of the movie will end up being missing becausea preset playback path is deviated. This causes ambiguity orcontradiction in the story of the movie, thereby confusing the viewer.

DISCLOSURE OF THE INVENTION

To solve the above problem, the present invention aims to provide acontent use device, a content use method, and a computer program thatcan appropriately use composite content including a plurality of piecesof content recorded on a recording medium, by avoiding output ofunusable content according to contract information. The presentinvention also aims to provide a recording medium on which compositecontent is recorded.

The stated aim can be achieved by a content use device for usingcomposite content recorded on a recording medium, the composite contentincluding a plurality of pieces of content, the content use deviceincluding: an acquisition unit operable to acquire a designation of oneof the plurality of pieces of content; a judgment unit operable to judgewhether the designated piece of content is usable, based on contractinformation relating to use of the designated piece of content; aselection unit operable to select one of the plurality of pieces ofcontent, according to a result of the judgment by the judgment unit; andan output unit operable to output the selected piece of content.

According to this construction, the content to be output next isselected depending on the usability of the designated content. In thisway, the output of unusable content can be avoided. This enables theuser to use content appropriately without confusion.

Here, the selection unit may select the designated piece of content ifthe designated piece of content is judged as being usable, and select analternative piece of content instead of the designated piece of contentif the designated piece of content is judged as being not usable, thealternative piece of content being included in the composite content incorrespondence with the designated piece of content.

According to this construction, the composite content includes thealternative content to be output instead of the designated content ifthe designated content is unusable. This makes it possible to select thealternative content reliably.

Here, the composite content recorded on the recording medium may includea content identifier for identifying the designated piece of content andan alternative content identifier for identifying the alternative pieceof content, in correspondence with each other, wherein the selectionunit selects the designated piece of content by extracting the contentidentifier from the composite content if the designated piece of contentis judged as being usable, and selects the alternative piece of contentby extracting the alternative content identifier corresponding to thecontent identifier from the composite content if the designated piece ofcontent is judged as being not usable, and the output unit reads thepiece of content identified by the extracted content identifier oralternative content identifier from the recording medium, and outputsthe read piece of content.

According to this construction, the alternative content can be selectedreliably using the alternative content identifier.

Here, the judgment unit may acquire the contract information, and judgewhether the designated piece of content is usable based on the acquiredcontract information.

According to this construction, the usability of the designated contentis judged with reference to the acquired contract information. Thisenables content to be used properly without violating its copyright.

Here, the composite content recorded on the recording medium may includea license identifier for identifying the contract information, whereinthe judgment unit includes: a contract information storage unit operableto prestore the license identifier and the contract information incorrespondence with each other; an identifier extraction unit operableto extract the license identifier from the composite content; and ajudging unit operable to read the contract information corresponding tothe extracted license identifier from the contract information storageunit, and judge whether the designated piece of content is usable basedon the read contract information.

Here, the composite content recorded on the recording medium may includea content identifier for identifying the designated piece of content anda license identifier for identifying the contract information, incorrespondence with each other, wherein the judgment unit includes: acontract information storage unit operable to prestore the licenseidentifier and the contract information in correspondence with eachother; an identifier extraction unit operable to extract the licenseidentifier corresponding to the content identifier for identifying thedesignated piece of content, from the composite content; and a judgingunit operable to read the contract information corresponding to theextracted license identifier from the contract information storage unit,and judge whether the designated piece of content is usable based on theread contract information.

Here, the composite content recorded on the recording medium may includea content identifier for identifying the designated piece of content,wherein the judgment unit includes: a contract information storage unitoperable to prestore the content identifier and the contract informationin correspondence with each other; an identifier extraction unitoperable to extract the content identifier from the composite content;and a judging unit operable to read the contract informationcorresponding to the extracted content identifier from the contractinformation storage unit, and judge whether the designated piece ofcontent is usable based on the read contract information.

According to these constructions, the contract information correspondingto the designated content can be acquired reliably.

Here, the composite content recorded on the recording medium may includeplayback path information showing a correspondence between thedesignated piece of content and a preceding piece of content that is tobe output immediately before the designated piece of content, whereinafter the output unit outputs the preceding piece of content, theacquisition unit extracts the playback path information from thecomposite content, and acquires the designation in accordance with theextracted playback path information.

According to this construction, the output of unusable content can beavoided in playback path control.

Here, the plurality of pieces of content may include a plurality ofpieces of angle content that are used for multi-angle switching, whereinthe acquisition unit acquires the designation of one of the plurality ofpieces of angle content, the judgment unit judges whether the designatedpiece of angle content is usable, based on the contract information, andthe selection unit selects a group of outputtable pieces of anglecontent according to the result of the judgment by the judgment unit,and selects one piece of angle content from the selected group, and theoutput unit outputs the selected piece of angle content.

According to this construction, the output of unusable content can beavoided when controlling multi-angle switching.

Here, the plurality of pieces of content may include a plurality ofpieces of auxiliary content that are each made up of any of audio dataand subtitle data output together with video data, wherein theacquisition unit acquires the designation of one of the plurality ofpieces of auxiliary content, the judgment unit judges whether thedesignated piece of auxiliary content is usable, based on the contractinformation, the selection unit selects a group of outputtable pieces ofauxiliary content according to the result of the judgment by thejudgment unit, and selects one piece of auxiliary content from theselected group, and the output unit outputs the selected piece ofauxiliary content.

According to this construction, the output of unusable content can beavoided when controlling playback of audio or subtitle data whichaccompanies video data.

Here, the plurality of pieces of content may each contain an encrypteddigital work, wherein the output unit decrypts an encrypted digital workcontained in the selected piece of content, and outputs the decrypteddigital work.

According to this construction, the content use device decrypts theencrypted digital works in the composite content recorded on therecording medium and outputs the decrypted digital works. Accordingly,even if the composite content is copied to another recording mediumunauthorizedly, the digital works in the copied composite content areprotected from unauthorized use.

Also, the stated aim can be achieved by a recording medium on whichcomposite content including a plurality of pieces of content isrecorded, wherein the composite content includes a piece of content andan alternative piece of content in correspondence with each other, thealternative piece of content being to be output instead of the piece ofcontent if the piece of content is not usable.

According to this construction, the output of unusable content can beavoided when the recording medium is used by the above content usedevice.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 shows an overall construction of a content playback system whichis an embodiment of the present invention.

FIG. 2 shows an internal construction of a playback device andinformation stored on a recording medium shown in FIG. 1.

FIG. 3 shows an example data structure of a playback path informationtable stored on the recording medium.

FIG. 4 shows an example of playback of video when the playback pathinformation table shown in FIG. 3 is used.

FIG. 5 shows an example data structure of a button data table stored onthe recording medium.

FIG. 6 shows an example of playback of video containing a plurality ofbuttons when the button data table shown in FIG. 5 is used.

FIG. 7 shows another example of playback of video containing a pluralityof buttons when the button data table shown in FIG. 5 is used.

FIG. 8 shows an example data structure of a key control informationtable stored on the recording medium.

FIG. 9 shows an example data structure of a media information tablestored on the recording medium.

FIG. 10 shows an example data structure of a rights information tablestored in a rights storage unit in the playback device.

FIG. 11 shows an internal construction of a license server device shownin FIG. 1.

FIG. 12 is a flowchart of a content playback start operation by theplayback device.

FIG. 13 is a flowchart of a media key generation operation by a mediakey generation unit in the playback device.

FIG. 14 is a flowchart of a content playback control operation by aplayback control unit in the playback device.

FIG. 15 is a flowchart of a content decryption and playback operation bya decryption unit and a playback unit in the playback device.

FIG. 16 is a flowchart of a content key acquisition operation by a keycontrol unit in the playback device.

FIG. 17 is a flowchart of a rights key acquisition operation by a rightsmanagement unit in the playback device.

FIG. 18 is a flowchart of a playability judgment operation by the keycontrol unit in the playback device.

FIG. 19 is a flowchart of a playability judgment operation by the rightsmanagement unit in the playback device.

FIG. 20 is a flowchart of an operation of acquiring rights informationfrom the license server device by the playback device.

FIG. 21 shows an overall construction of a content recording/playbacksystem which is a modification to the embodiment.

BEST MODE FOR CARRYING OUT THE INVENTION

The following describes a content playback system 1 which is anembodiment of the present invention.

1.1. Construction of the Content Playback System 1

FIG. 1 shows a construction of the content playback system 1. As shownin the drawing, the content playback system 1 is roughly made up of aplayback device 100 and a license server device 300 which are connectedvia an internet 10. A display device 113 such as a television monitor isconnected with the playback device 100. Also, a recording medium 200such as a BD is loaded to the playback device 100 by the user. Theplayback device 100 receives an operation from the user via a remotecontrol 112. According to the received operation, the playback device100 plays back content recorded on the recording medium 200, or acquiresrights information relating to content from the license server device300 and retains the acquired rights information.

1.2. Construction of the Recording Medium 200

FIG. 2 shows information stored on the recording medium 200. Asillustrated, the recording medium 200 stores a playback path informationtable 210, encrypted content 231, 232, . . . , 238, a key controlinformation table 260, and a media information table 280, in advance.The playback path information table 210, the encrypted content 231, 232,. . . , 238, the key control information table 260, and the mediainformation table 280 constitute composite content (compound content).The composite content referred to here is a type of content thatincludes a combination of different pieces of content.

(1) Playback Path Information Table 210

FIG. 3 shows an example of the playback path information table 210. Inthe drawing, the playback path information table 210 includes eight setsof playback control information 291, 292, . . . , 298, which eachcorrespond to any of the encrypted content 231, 232, . . . , 238recorded on the recording medium 200. These eight sets of playbackcontrol information 291, 292, . . . , 298 define an order in which theencrypted content 231, 232, . . . , 238 are decrypted and played back.Each set of playback control information includes a playback number, acontent name, a next playback number, and an alternative playbacknumber. Here, the playback control information may not include thealternative playback number, and further may not include the nextplayback number.

(Playback Number)

The playback number included in the playback control information is anindex number for uniquely identifying the playback control information.The playback number begins with 1, and is incremented by 1 for each setof playback control information. For example, the playback controlinformation 291 has a playback number 212 “1”, which uniquely identifiesthe playback control information 291. Meanwhile, the playback controlinformation 292 includes a playback number 217 “2”, which uniquelyidentifies the playback control information 292.

(Content Name)

The content name included in the playback control information identifiesencrypted content corresponding to the playback control information. Asone example, the content name is a filename for uniquely identifying theencrypted content that is recorded on the recording medium 200 as onefile.

(Next Playback Number)

The next playback number included in the playback control informationdesignates playback control information corresponding to encryptedcontent that is to be decrypted and played next, when the decryption andplayback of the encrypted content corresponding to the former playbackcontrol information have completed. The next playback number is not setif there is no encrypted content to be decrypted and played next.

For instance, the playback control information 291 has a next playbacknumber 214 “2”. Accordingly, after the decryption and playback of theencrypted content identified by a content name 213 “Opening.mpg” havecompleted, encrypted content corresponding to the playback controlinformation 292 designated by the next playback number 214 “2”, i.e. theencrypted content identified by a content name 218 “Trailer.mpg”, isdecrypted and played.

(Alternative Playback Number)

The alternative playback number included in the playback controlinformation designates playback control information corresponding toencrypted content that is to be decrypted and played alternatively ifthe decryption and playback of the encrypted content designated by thenext playback number are not permitted.

For instance, the playback control information 292 has a next playbacknumber 219 “3” and an alternative playback number 220 “4”. Suppose thedecryption and playback of encrypted content corresponding to theplayback control information 293 designated by the next playback number219 “3”, i.e. encrypted content identified by a content name 221“Movie.mpg”, are not permitted. In this case, after the decryption andplayback of the encrypted content identified by the content name 218“Trailer.mpg” have completed, encrypted content corresponding to theplayback control information 294 designated by the alternative playbacknumber 220 “4”, i.e. encrypted content identified by a content name 222“Warning.mpg”, is decrypted and played.

If the playback control information includes no alternative playbacknumber, the decryption and playback of the encrypted content designatedby the next playback number are carried out irrespective of whether thatencrypted content is playable or not.

(Playback Example)

FIG. 4 shows an example of playback when the playback path informationtable 210 shown in FIG. 3 is used.

As shown in FIG. 4, video 401 is played first, and then video 402 isplayed. After this, video 403 is played if playable, and then video 405is played. If video 403 is unplayable, video 404 is played instead.Also, video 406, 407, and 408 are played depending on conditions.

Here, video 401, 402, . . . , 408 respectively correspond to theplayback control information 291, 292, . . . , 298 shown in FIG. 3.

(2) Encrypted Content 231, 232, . . . , 238

The encrypted content 231, 232, . . . , 238 each constitute one file onthe recording medium 200.

The encrypted content 231, 232, . . . , 238 have the same datastructure. Which is to say, the encrypted content is obtained byapplying an encryption algorithm to a payload of each packet of atransport stream, excluding an adaptation field, that is generated bymultiplexing an MPEG-2 video elementary stream and an MPEG-2 audioelementary stream according to an MPEG-2 multiplexing system. Theencryption algorithm referred to here is AES (Advanced Encrypt ionStandard) as one example, though other secret-key encryption algorithmsare applicable too.

(Button Data Table 240)

If the encrypted content is menu display content, the encrypted contentincludes, in encrypted form, a button data table 240 for displayingbuttons as a private stream, in addition to the video elementary streamand the audio elementary stream. It should be noted here that the mannerin which the encrypted button data table is included is not limited tothis.

FIG. 5 shows an example of the button data table 240. In the drawing,the button data table 240 includes four sets of button data, whichrespectively correspond to four buttons 422, 423, 424, and 425 in a menudisplay 421 shown in FIG. 6, and also respectively correspond to fourbuttons 432, 433, 434, and 435 in a menu display 431 shown in FIG. 7.Each set of button data includes a button number, a playback number, anupper button number, a lower button number, a left button number, aright button number, unselected data, selected data, and grayed-outdata. Here, the button data may not include the grayed-out data.

(a) Button Number

The button number included in the button data is an index number foruniquely identifying the button data. The button number begins with 1,and is incremented by 1 for each set of button data. When the playbackof the menu display content starts, a button corresponding to buttondata identified by a button number 241 “1” is put in a selected state.

(b) Playback Number

The playback number included in the button data identifies playbackcontrol information corresponding to encrypted content that is to beplayed when selection of a button corresponding to the button data isconfirmed via the remote control 112.

For example, the button data identified by the button number 241 “1” hasa playback number 242 “2” . Accordingly, when a confirmation operationis made via the remote control 112 while the button corresponding tothis button data is in a selected state, the encrypted contentcorresponding to the playback control information 292 that has theplayback number 217 “2” in the playback path information table 210 inFIG. 3, i.e. the encrypted content identified by the content name 218“Trailer.mpg”, is decrypted and played.

(c) Upper Button Number

The upper button number included in the button data identifies buttondata corresponding to a button that is put into a selected state when anup movement operation is made via the remote control 112 while thebutton corresponding to the former button data is in a selected state.

For instance, the button data identified by the button number 241 “1”has an upper button number 243 “4”. This being so, if an up movementoperation is made via the remote control 112 while the buttoncorresponding to this button data is in a selected state, a buttoncorresponding to button data identified by the upper button number 243“4” is put into a selected state.

(d) Lower Button Number

The lower button number included in the button data identifies buttondata corresponding to a button that is put into a selected state when adown movement operation is made via the remote control 112 while thebutton corresponding to the former button data is in a selected state.

(e) Left Button Number

The left button number included in the button data identifies buttondata corresponding to a button that is put into a selected state when aleft movement operation is made via the remote control 112 while thebutton corresponding to the former button data is in a selected state.

(f) Right Button Number

The right button number included in the button data identifies buttondata corresponding to a button that is put into a selected state when aright movement operation is made via the remote control 112 while thebutton corresponding to the former button data is in a selected state.

(g) Unselected Data

The unselected data included in the button data is image data showingthe button to be displayed when the button is in an unselected state.

(h) Selected Data

The selected data included in the button data is image data showing thebutton to be displayed when the button is in a selected state.

(i) Grayed-Out Data

The grayed-out data included in the button data is image data showingthe button to be displayed when the button is in a grayed-out state,i.e., an unselectable state. This image data is created, for example, byreplacing the alternate pixels of the unselected data with blank pixels.Such image data is less distinct than the unselected data, therebyindicating that the button cannot be selected. The grayed-out state isexplained in more detail later.

(3) Key Control Information Table 260

FIG. 8 shows an example of the key control information table 260. Asillustrated, the key control information table 260 includes a pluralityof sets of key control information, which each correspond to any of theencrypted content 231, 232, . . . , 238 recorded on the recording medium200. Each set of key control information includes a content name,content information, key generation information, playabilityinformation, copyability information, and rights mode information.

(Content Name)

The content name included in the key control information identifiesencrypted content corresponding to the key control information. Like thecontent name in the playback path information table 210 shown in FIG. 3,the content name in the key control information table 260 shows afilename that identifies the corresponding encrypted content. Unlike theplayback path information table 210, however, the same content namenever appears more than once in the key control information table 260.

(Content Information)

The content information included in the key control information is usedto generate a content key for decrypting the encrypted contentcorresponding to the key control information. The content information isunique to the corresponding encrypted content.

(Key Generation Information)

The key generation information included in the key control informationspecifies a method of generating the content key for the encryptedcontent corresponding to the key control information. The key generationinformation takes one of the values “00”, “01”, and “10”. The value “00”indicates the content key is to be generated using a media key. Thevalue “01” indicates the content key is to be generated using acomposite key. The value “10” indicates the content key is to begenerated using a rights key (also referred to as a license key). Themedia key, the composite key, and the rights key are explained in detaillater.

(Playability Information)

The playability information included in the key control informationshows whether the encrypted content corresponding to the key controlinformation is playable or not. The playability information takes one ofthe values “1” and “0”. The value “1” indicates the encrypted content isplayable. The value “0” indicates the encrypted content is unplayable.

Although the playability information shows whether the encrypted contentis playable or not in this example, this is not a limit for the presentinvention. For example, the playability information may show a playbackquality, such that the encrypted content is judged as being unplayableif the playability information shows a high playback quality, andplayable if the playability information shows a low playback quality.

(Copyability Information)

The copyability information included in the key control informationshows whether the encrypted content corresponding to the key controlinformation is copyable or not. The copyability information takes one ofthe values “01”, “10”, and “00”. The value “01” indicates “Once”, i.e.the content can be copied one generation. The value “10” indicates“Free”, i.e. the content can be copied freely. The value “00” indicates“Never”, i.e., the content is never to be copied.

Although the copyability information shows any of “Once”, “Free”, and“Never” in this example, the present invention is not limited to this.For example, the copyability information may show a copy quality. Also,the copyability information may contain information for specifying copydestination media.

(Rights Mode Information)

The rights mode information included in the key control informationspecifies one or more rights modes specified for the encrypted contentcorresponding to the key control information, when the key generationinformation in the key control information is “10” (rights key) or “01”(composite key). For instance, when the rights mode information is “01”,mode A is specified for the content. When the rights mode information is“10”, mode B is specified for the content. When the rights modeinformation is “01,10”, modes A and B are specified for the content.

A rights mode mentioned here is a mode of generating rights for thecontent. As one example, mode A generates the rights based on a maximumnumber of times the playback of the content is permitted, whilst mode Bgenerates the rights based on an expiration date until which theplayback of the content is permitted.

When the key generation information in the key control information is“00” (media key) , the rights mode information in the key controlinformation is “00”, indicating that no rights mode is specified.

In FIG. 8, for example, rights mode information 266 is “00”, which meansno rights mode is specified for content corresponding to key controlinformation that includes the rights mode information 266.

Meanwhile, rights mode information 272 is “01”, which means mode A isspecified for content corresponding to key control information thatincludes the rights mode information 272. Accordingly, only rights thatare generated in mode A are used as the rights for use of the content.

Also, rights mode information 273 is “01,10”, which means modes A and Bare specified for content corresponding to key control information thatincludes the rights mode information 273. Accordingly, rights that aregenerated in any of modes A and B are used as the rights for use of thecontent.

Further, rights mode information 274 is “10”, which means mode B isspecified for content corresponding to key control information thatincludes the rights mode information 274. Accordingly, only rights thatare generated in mode B are used as the rights for use of the content.

(4) Media Information Table 280

FIG. 9 shows an example of the media information table 280. Asillustrated, the media information table 280 includes a plurality ofsets of media information, which each correspond to an individualplayback device. Each set of media information includes deviceinformation and an encrypted media key.

(Device Information)

The device information included in the media information is uniquelygiven to a playback device corresponding to the media information.

(Encrypted Media key)

The encrypted media key included in the media information is generatedby applying an encryption algorithm to a media key using a device keyunique to the playback device corresponding to the media information.The encryption algorithm referred to here is AES as one example, thoughother secret-key encryption algorithms are equally applicable. The mediakey is uniquely assigned to the recording medium 200.

Thus, the media information table 280 contains encrypted media keysgenerated for separate playback devices. Suppose one playback devicebecomes unauthorized as a result of hacking or the like. In such a case,in the subsequent production of recording media a media informationtable that does not include media information corresponding to theunauthorized playback device is created and written to each recordingmedium. In so doing, playback of content by unauthorized devices can beprevented.

In this embodiment, the sets of media information as many as theplayback devices are stored in the media information table 280. Thisunnecessarily increases a data size of the media information table 280.To avoid this, the data size of the media information table 280 may bereduced using a binary tree.

1.3. Construction of the Playback Device 100

FIG. 2 also shows a construction of the playback device 100. In thedrawing, the playback device 100 includes a drive unit 101, a playbackcontrol unit 102, a decryption unit 103, a key control unit 104, a mediakey generation unit 105, a reception unit 106, a playback unit 107, arights management unit 108, a rights storage unit 109, a communicationunit 110, a device information storage unit 111, and a power supply unit(not illustrated) for supplying power to each construction element ofthe playback device 100.

The playback device 100 is actually realized by a computer system thatis roughly made up of a CPU, a working memory, a flash memory, a BDdrive, a video adapter, a network adapter, and the like. The drive unit101 is realized by the BD drive. The reception unit 106 receives anoperation from the remote control 112 via an infrared signal. Theplayback unit 107 is realized by the video adapter. The rights storageunit 109 and the device information storage unit 111 are realized by theflash memory. The communication unit 110 is realized by the networkadapter. Also, the flash memory stores a plurality of computer programsshowing operations of the playback control unit 102, the decryption unit103, the key control unit 104, the media key generation unit 105, andthe rights management unit 108. Functions of the playback control unit102, the decryption unit 103, the key control unit 104, the media keygeneration unit 105, and the rights management unit 108 are achieved bythe CPU operating in accordance with the corresponding computerprograms.

(1) Device Information Storage Unit 111 and Rights Storage Unit 109(Device Information Storage Unit 111)

The device information storage unit 111 stores device information 141and a device key 142 beforehand, as shown in FIG. 2.

The device information 141 is uniquely given to the playback device 100.The device key 142 is uniquely given to the playback device 100.

(Rights Storage Unit 109)

The rights storage unit 109 stores a rights information table 121beforehand, as shown in FIG. 2.

FIG. 10 shows an example of the rights information table 121. In thedrawing, the rights information table 121 includes a plurality of setsof rights information, which each correspond to any of the encryptedcontent 231, 232, . . . , 238, and show rights to play back thecorresponding content.

Each set of rights information is made up of rights mode information, acontent name, a rights key, a playback count, and a playback expirationdate. Here, the rights information may not include the playback count orthe playback expiration date.

The rights mode information included in the rights information shows arights mode specified for the encrypted content corresponding to therights information. The rights mode represents a method of generatingrights for use of the content.

The content name included in the rights information identifies theencrypted content corresponding to the rights information. Like thecontent name included in the playback path information table 210 shownin FIG. 3, the content name in the rights information table 121 is afilename that uniquely identifies the corresponding content.

The rights key included in the rights information is key informationgiven to the rights shown by the rights information.

The playback count included in the rights information is a maximumnumber of times the playback of the corresponding content is permitted.The absence of the playback count in the rights information means thecontent can be played back an unlimited number of times.

The playback expiration date included in the rights information shows anexpiration date until which the playback of the corresponding content ispermitted. The absence of the playback expiration date in the rightsinformation means the content can be played back without a time limit.

Though the rights information is made up of the five items, i.e. therights mode information, the content name, the rights key, the playbackcount, and the playback expiration date in the above example, thepresent invention is not limited to this. For instance, the rightsinformation may include other items such as a playback devicelimitation, a user limitation, and a geographical area limitation.

(2) Playback Control Unit 102

The playback control unit 102 receives an instruction to play backcontent recorded on the recording medium 200, from the reception unit106. The playback control unit 102 also receives a signal indicatingdetection of insertion of the recording medium 200, from the drive unit101.

Upon receiving the playback instruction from the reception unit 106 orthe detection signal from the drive unit 101 immediately after receivingpower from the power supply unit, the playback control unit 102 outputsan instruction to decrypt the content recorded on the recording medium200, to the decryption unit 103.

After this, the playback control unit 102 receives decryption failurenotification indicating that the content decryption has failed or mediakey acquisition success notification indicating that media keyacquisition has succeeded, from the decryption unit 103. Upon receivingthe decryption failure notification, the playback control unit 102terminates the subsequent playback control operation. Upon receiving themedia key acquisition success notification, the playback control unit102 performs the playback control operation as follows.

(Playback Control Operation)

The playback control unit 102 has the drive unit 101 read playbackcontrol information having the playback number “1” from the playbackpath information table 210 on the recording medium 200. The playbackcontrol unit 102 extracts a content name from the read playback controlinformation, and outputs the extracted content name to the decryptionunit 103. The playback control unit 102 instructs the decryption unit103 to decrypt and play encrypted content identified by the contentname.

Once the decryption and playback of the encrypted content identified bythe content name have completed, the playback control unit 102 attemptsto extract a next playback number from the playback control information.If there is no next playback number in the playback control information,the playback control unit 102 ends the playback control operation.

If there is a next playback number in the playback control information,the playback control unit 102 has the drive unit 101 read playbackcontrol information whose playback number matches the extracted nextplayback number from the playback path information table 210. Theplayback control unit 102 then extracts a content name from the readplayback control information, and outputs the extracted content name tothe rights management unit 108 via the decryption unit 103 and the keycontrol unit 104. The playback control unit 102 inquires of the rightsmanagement unit 108 whether encrypted content identified by the contentname is playable or not, via the decryption unit 103 and the key controlunit 104.

If the rights management unit 108 replies that the content isunplayable, the playback control unit 102 extracts an alternativeplayback number from the playback control information. The playbackcontrol unit 102 has the drive unit 101 read playback controlinformation whose playback number matches the extracted alternativeplayback number from the playback path information table 210. Theplayback control unit 102 then extracts a content name from the readplayback control information, outputs the extracted content name to thedecryption unit 103, and instructs the decryption unit 103 to decryptand play encrypted content identified by the content name. Once thedecryption and playback of the encrypted content have completed, theplayback control unit 102 attempts to extract a next playback numberfrom the playback control information. If no next playback number isincluded in the playback control information, the playback control unit102 ends the playback control operation.

If the rights management unit 108 replies that the content is playable,on the other hand, the playback control unit 102 outputs the contentname to the decryption unit 103, and instructs the decryption unit 103to decrypt and play the encrypted content identified by the contentname. Once the decryption and playback of the encrypted content havecompleted, the playback control unit 102 attempts to extract a nextplayback number from the playback control information. If the playbackcontrol information has no next playback number, the playback controlunit 102 ends the playback control operation.

If the playback control information has a next playback number, theplayback control unit 102 repeats the above operation until no nextplayback number is extracted.

(3) Decryption Unit 103, Playback Unit 107, and Display Device 113(Decryption Unit 103)

The decryption unit 103 receives an instruction to decrypt the contentrecorded on the recording medium 200 from the playback control unit 102,and outputs an instruction to acquire a media key to the key controlunit 104.

After this, the decryption unit 103 receives media key acquisitionfailure notification indicating that the media key acquisition hasfailed or media key acquisition success notification indicating that themedia key acquisition has succeeded, from the key control unit 104. Uponreceiving the media key acquisition failure notification, the decryptionunit 103 outputs decryption failure notification indicating that thecontent decryption has failed, to the playback control unit 102. Uponreceiving the media key acquisition success notification, the decryptionunit 103 outputs the media key acquisition success notification to theplayback control unit 102.

The decryption unit 103 then receives a content name and an instructionto decrypt encrypted content identified by the content name, from theplayback control unit 102. The decryption unit 103 has the key controlunit 104 acquire a content key corresponding to the encrypted content,and has the drive unit 101 read the encrypted content from the recordingmedium 200.

If the decryption unit 103 receives content key acquisition failurenotification indicating that the content key acquisition has failed fromthe key control unit 104, the decryption unit 103 outputs decryptionfailure notification indicating that the content decryption has failedto the playback control unit 102, and terminates the subsequentoperation.

Next, the decryption unit 103 judges whether the read encrypted contentcontains an encrypted button data table. This judgment can be made bychecking whether the encrypted content contains a private stream withreference to an unencrypted PAT (Program Association Table) or PMT(Program Map Table) in the encrypted content, though this is not a limitfor the present invention.

(a) If the encrypted content does not contain an encrypted button datatable, the decryption unit 103 decrypts the encrypted content in unitsof packets using the content key, and outputs the decrypted content tothe playback unit 107.

(b) If the encrypted content contains an encrypted button data table,the decryption unit 103 decrypts the encrypted button data table usingthe content key, and performs the following process (i) to (iv) on eachset of button data in the decrypted button data table.

(i) The decryption unit 103 extracts a playback number from the buttondata.

(ii) The decryption unit 103 acquires a content name corresponding tothe extracted playback number from the playback path information table210, via the drive unit 101. In detail, the decryption unit 103 has thedrive unit 101 read playback control information whose playback numbermatches the extracted playback number from the playback path informationtable 210 on the recording medium 200, and extracts a content name fromthe read playback control information.

(iii) The decryption unit 103 outputs the content name to the rightsmanagement unit 108 via the key control unit 104, and inquires of therights management unit 108 whether content identified by the contentname is playable or not, via the key control unit 104.

(iv) If the rights management unit 108 replies that the content isplayable, the decryption unit 103 extracts unselected data and selecteddata that represent normal button display, from the button data. If therights management unit 108 replies that the content is unplayable, thedecryption unit 103 extracts grayed-out data that represents grayed-outbutton display, from the button data. This completes the process (i) to(iv).

The decryption unit 103 then decrypts the encrypted content in units ofpackets using the content key, and outputs the decrypted content to theplayback unit 107.

The decryption unit 103 also outputs the selected data and unselecteddata or the grayed-out data extracted for each set of button data, tothe playback unit 107.

(Playback Unit 107)

The playback unit 107 receives decrypted content from the decryptionunit 103, and decodes it to generate digital video and audio data. Theplayback unit 107 generates analog video and audio signals from thedigital video and audio data, and outputs the analog video and audiosignals to the display device 113.

Also, the playback unit 107 receives selected data and unselected dataor grayed-out data extracted for each set of button data from thedecryption unit 103, and overlays the selected data and unselected dataor the grayed-out data on the video data to display each button. In thisway, the display state of each button is varied depending on playabilityof content corresponding to the button. Which is to say, the button isdisplayed in a normal state if the content is playable, and in agrayed-out state if the content is unplayable. When the button is grayedout, it is impossible to confirm the selection of the button.

(Display Device 113)

The display device 113 receives analog video and audio signals from theplayback unit 107, and outputs the video signal as video and the audiosignal as sounds.

(4) Key Control Unit 104

The key control unit 104 receives an instruction to acquire a media keyfrom the decryption unit 103, and outputs an instruction to generate themedia key to the media key generation unit 105.

Following this, the key control unit 104 receives either a decryptedmedia key or media key generation failure notification indicating thatthe media key generation has failed, from the media key generation unit105.

Upon receiving the media key generation failure notification, the keycontrol unit 104 outputs media key acquisition failure notificationindicating that the media key acquisition has failed, to the decryptionunit 103.

Upon receiving the decrypted media key, the key control unit 104 outputsmedia key acquisition success notification indicating that the media keyacquisition has succeeded, to the decryption unit 103.

(Content Key Acquisition)

The key control unit 104 then acquires a content key in the followingmanner, according to an instruction from the decryption unit 103.

The key control unit 104 receives a content name and a content keyacquisition instruction from the decryption unit 103. The key controlunit 104 has the drive unit 101 read key control information having thereceived content name from the key control information table 260 on therecording medium 200, and extracts key generation information from theread key control information.

The key control unit 104 judges whether the key generation informationis “00” which indicates “media key”. If the key generation informationis “00”, the key control unit 104 extracts content information from thekey control information, and concatenates the decrypted media keyreceived from the media key generation unit 105 and the extractedcontent information in this order. The key control unit 104 then appliesa one-way function to the concatenation outcome, to thereby generate thecontent key. The one-way function referred to here is SHA-1 as oneexample.

(content key)=SHA-1 ((decrypted media key)∥(content information))

Here, “SHA-1 (X)” denotes a hash value obtained by converting X bySHA-1, and “A∥B” denotes an outcome of concatenating A and B in thisorder.

It should be noted here that the generation of the content key is notlimited to the above. For example, other hash functions or one-wayfunctions may be used. Alternatively, the content key may be generatedby decrypting the content information using the decrypted media key.

The key control unit 104 outputs the generated content key to thedecryption unit 103.

If the key generation information is not “00”, the key control unit 104extracts rights mode information from the key control information, andoutputs the content name and the rights mode information to the rightsmanagement unit 108. The key control unit 104 controls the rightsmanagement unit 108 to acquire a rights key corresponding to contentidentified by the content name. If the key control unit 104 receivesrights key acquisition failure notification indicating that the rightskey acquisition has failed from the rights management unit 108, the keycontrol unit 104 outputs content key acquisition failure notificationindicating that the content key acquisition has failed to the decryptionunit 103, and ends the subsequent operation.

Next, the key control unit 104 judges whether the key generationinformation is “01” or “10”. If the key generation information is “10”which indicates “rights key”, the key control unit 104 sets the acquiredrights key as the content key, and outputs the content key to thedecryption unit 103.

Though the rights key itself is set as the content key if the keygeneration information indicates “rights key” in the above example, thepresent invention is not limited to such. For instance, the content keymay be generated from the rights key and the content information using aone-way function. Also, the generation of the content key from therights key may be performed not by the key control unit 104 but by therights management unit 108. This enhances security especially when thekey control unit 104 and the rights management unit 108 are implementedas separate tamper-resistant modules, because the rights key need not beoutput to the key control unit 104.

If the key generation information is “01” which indicates “compositekey”, the key control unit 104 concatenates the decrypted media key andthe acquired rights key in this order, and performs a one-way functionon the concatenation outcome to generate the content key.

(content key)=SHA-1 ((decrypted media key)∥(rights key))

The key control unit 104 outputs the generated content key to thedecryption unit 103.

Note here that the generation of the content key is not limited to theuse of a one-way function. For instance, the content key may begenerated by decrypting the content information using the decryptedmedia key, or by decrypting the rights key in encrypted form using thedecrypted media key. The content information may be used in thegeneration of the content key. Especially when the key control unit 104and the rights management unit 108 are implemented as separatetamper-resistant modules, the key control unit 104 may generateinformation from the decrypted media key and the content information andnotify it to the rights management unit 108, which then generates thecontent key from the notified information and the rights key. This makesit unnecessary to output the decrypted media key to the rightsmanagement unit 108 and the rights key to the key control unit 104,which contributes to higher security.

(Content Playability Judgment)

When playability of content needs to be judged during the playbackcontrol operation, the key control unit 104 reads key controlinformation corresponding to the content from the recording medium 200and judges the playability of the content, in the following way.

The key control unit 104 receives a content name and an instruction tojudge playability of content identified by the content name, from thedecryption unit 103. In response, the key control unit 104 has the driveunit 101 read key control information having the received content namefrom the key control information table 260 on the recording medium 200,and extracts key generation information from the read key controlinformation.

The key control unit 104 judges whether the key generation informationis “00” which indicates “media key”. If the key generation informationis “00”, the key control unit 104 extracts playability information fromthe key control information, and judges whether the playabilityinformation is “0” or “1”. If the playability information is “1”, thekey control unit 104 outputs playback permission notification indicatingthat the content is playable, to the decryption unit 103. If theplayability information is “0”, the key control unit 104 outputsplayback prohibition information indicating that the content isunplayable, to the decryption unit 103.

If the key generation information is not “00”, the key control unit 104extracts the playability information from the key control information,and judges whether the playability information is “0” or “1”. If theplayability information is “1”, the key control unit 104 outputsplayback permission notification to the decryption unit 103. If theplayability information is “0”, the key control unit 104 extracts rightsmode information from the key control information, and outputs therights mode information, the content name, and a rights judgmentinstruction to the rights management unit 108. The key control unit 104then receives a judgment result on the playability of the content fromthe rights management unit 108, and outputs the judgment result to thedecryption unit 103.

In the case where the key generation information is not “00”, even whenthe content is judged as being playable, the content key cannot beobtained and therefore the content cannot be decrypted and played unlessthe rights management unit 108 acquires the rights key. To avoid anyconfusion resulting from this, it is more preferable to judge thecontent as being playable after confirming the presence of the rightskey, than to judge the content as being playable simply based on theplayability information.

(5) Media key Generation Unit 105

The media key generation unit 105 receives a media key generationinstruction from the key control unit 104. In response, the media keygeneration unit 105 reads the device information 141 from the deviceinformation storage unit 111. The media key generation unit 105 have thedrive unit 101 read media information from the media information table280 on the recording medium 200, and extracts device information fromthe read media information. The media key generation unit 105 comparesthe extracted device information with the device information 141.

If the extracted device information does not match the deviceinformation 141, the media key generation unit 105 repeats the readingof next media information from the media information table 280, theextraction of device information from the read media information, andthe comparison, until every set of media information has been read fromthe media information table 280.

If the same device information as the device information 141 is notfound in the media information table 280, the media key generation unit105 outputs media key generation failure notification indicating thatthe media key generation has failed, to the key control unit 104.

If the extracted device information matches the device information 141,on the other hand, the media key generation unit 105 reads the devicekey 142 from the device information storage unit ill, and extracts anencrypted media key from the read media information. The media keygeneration unit 105 decrypts the encrypted media key using the devicekey 142 according to AES, and outputs the decrypted media key to the keycontrol unit 104.

(6) Rights Management Unit 108 (Rights Key Acquisition)

The rights management unit 108 receives a content name and rights modeinformation from the key control unit 104. The rights management unit108 judges whether the rights mode information is “00”, “01”, “10”, or“01,10”, to judge whether any rights mode is specified for contentidentified by the content name.

If a rights mode is specified for the content, that is, if the rightsmode information is “01”, “10”, or “01, 10”, the rights management unit108 attempts to extract rights information having both the receivedrights mode information and content name, from the rights informationtable 121 in the rights storage unit 109.

In more detail, if the rights mode information is “01”, the rightsmanagement unit 108 attempts to extract rights information having boththe rights mode information “01” and the content name. If the rightsmode information is “10”, the rights management unit 108 attempts toextract rights information having both the rights mode information “10”and the content name. If the rights mode information is “01,10”, therights management unit 108 attempts to extract rights information havingboth the rights mode information “01” and the content name, and rightsinformation having both the rights mode information “10” and the contentname.

Suppose the rights mode information specifies mode A and the contentname is “Making.mpg”. In this case, rights information 132, and notrights information 133, is extracted from the rights information table121 shown in FIG. 10. Suppose the rights mode information specifiesmodes A and B and the content name is “Making.mpg”. In this case, therights information 132 and the rights information 133 are extracted fromthe rights information table 121.

If no rights mode is specified for the content, that is, if the rightsmode information is “00”, the rights management unit 108 attempts toextract rights information having the content name from the rightsinformation table 121.

For instance, if the rights mode information specifies no rights modeand the content name is “Movie.mpg”, rights information 131 is extractedfrom the rights information table 121 shown in FIG. 10.

As a result, either at least one set of rights information is extracted,or no set of rights information is extracted at all.

In this embodiment, playback of content is instructed after judging theplayability of the content. Accordingly, the failure to extract rightsinformation means the occurrence of some kind of problem such as anunauthorized attack.

If a plurality of sets of rights information are extracted, the rightsmanagement unit 108 selects one of the sets of rights information. Ifone set of rights information is extracted, the rights management unit108 selects that rights information. The rights management unit 108 thenjudges whether the content identified by the content name is playable,using a playback count and/or a playback expiration date included in theselected rights information.

When using the playback count, the rights management unit 108 judges thecontent as being playable if the playback count is not “0”, andunplayable if the playback count is “0”.

When using the playback expiration date, the rights management unit 108judges the content as being playable if a current time shown by a clockequipped in the rights management unit 108 is within the playbackexpiration date, and unplayable if the current time exceeds the playbackexpiration date.

When using both the playback count and the playback expiration date, therights management unit 108 judges the content as being playable if bothof the above judgments are affirmative, and unplayable if any of theabove judgments is negative.

If the content is judged as being playable, the rights management unit108 extracts a rights key from the selected rights information, andoutputs the rights key to the key control unit 104.

If the content is judged as being unplayable, it means the rights keyacquisition has failed, as in the case where no set of rightsinformation is extracted. When this happens, the rights management unit108 outputs rights key acquisition failure notification indicating thatthe rights key acquisition has failed, to the key control unit 104.

(Content Playability Judgment)

The rights management unit 108 receives a rights judgment instruction, acontent name, and rights mode information from the key control unit 104.The rights management unit 108 then judges whether the rights modeinformation is “00”, “01”, “10”, or “01,10”, to judge whether any rightsmode is specified for content identified by the content name, in thesame way as above.

If a rights mode is specified for the content, the rights managementunit 108 attempts to extract rights information having both the receivedrights mode information and content name from the rights informationtable 121 in the rights storage unit 109, in the same way as above.

If no rights mode is specified for the content, the rights managementunit 108 attempts to extract rights information having the receivedcontent name from the rights information table 121, in the same way asabove.

As a result, either at least one set of rights information is extracted,or no set of rights information is extracted.

If at least one set of rights information is extracted, the rightsmanagement unit 108 selects one set of rights information, and judgeswhether the content is playable based on a playback count and/or aplayback expiration date included in the selected rights information, inthe same way as above.

If the content is judged as being playable as a result, the rightsmanagement unit 108 outputs a judgment result indicating that thecontent is playable, to the key control unit 104.

If the content is judged as being unplayable, the rights management unit108 outputs a judgment result indicating that the content is unplayable,to the key control unit 104.

If no set of rights information is extracted, the rights management unit108 outputs a judgment result indicating that the content is unplayable,to the key control unit 104.

(7) Remote Control 112, Reception Unit 106, Drive Unit 101, andCommunication Unit 110 (Remote Control 112)

The remote control 112 has an enclosure that is formed by an upper caseand a lower case, as shown in FIG. 1. In the enclosure, a flat wiringboard is held by the lower case. Also, a plurality of operation buttonsare provided on the upper case. These operation buttons are engravedwith such legends that indicates activation, confirmation, playback, thenumerals 1 to 12, and up, down, left, and right movements.

Switches which are opened and closed according to the user' s buttonoperations are disposed on the wiring board at the positionscorresponding to the operation buttons. Furthermore, an infraredradiation unit and a conversion circuit are formed on the wiring board.

When a switch is opened or closed as a result of the user' s operationon a corresponding button, the conversion circuit detects the opening orclosing of the switch, generates an electrical signal corresponding tothe opening or closing of the switch, converts the electrical signal toa digital signal, and outputs the digital signal to the infraredradiation unit. The infrared radiation unit receives the digital signal,and emits or stops an infrared ray depending on the digital signal.

In so doing, the remote control 112 radiates an infrared ray carrying asignal corresponding to the user' s button operation.

(Reception Unit 106)

The reception unit 106 receives an infrared ray from the remote control112, extracts a signal corresponding to a button operation from theinfrared ray, and outputs the extracted signal to the playback controlunit 102.

For example, if the extracted signal shows a playback operation, thereception unit 106 outputs a playback instruction to the playbackcontrol unit 102.

(Communication Unit 110)

The communication unit 110 is connected to the license server device 300via the internet 10.

To acquire rights, the communication unit 110 establishes an encryptedchannel, such as a SAC (Secure Authentication Channel), with acommunication unit 301 in the license server device 300. In detail, thecommunication unit 110 shares a session key with the license serverdevice 300. The communication unit 110 then requests transmission ofrights from the license server device 300. The communication unit 110receives encrypted rights information from the communication unit 301 inresponse, decrypts the encrypted rights information using the sessionkey, and writes the decrypted rights information to the rightsinformation table 121 in the rights storage unit 109.

(Drive Unit 101)

The drive unit 101 reads information from the recording medium 200,under control of any of the playback control unit 102, the decryptionunit 103, the key control unit 104, and the media key generation unit105. The drive unit 101 outputs the read information to thecorresponding unit.

1.4. Construction of the License Server Device 300

FIG. 11 shows a construction of the license server device 300. In thedrawing, the license server device 300 includes the communication unit301, a communication control unit 302, a rights generation unit 303, anda control unit 306. A display unit 304 and an input unit 305 areconnected to the license server device 300.

The license server device 300 is actually realized by a computer systemthat includes a microprocessor, a ROM, a RAM, a hard disk unit, acommunication unit (network adapter), a display unit, a keyboard, and amouse. A computer program is stored on the RAM or the hard disk unit.Functions of the construction elements of the license server device 300are achieved by the microprocessor operating in accordance with thiscomputer program.

The communication unit 301 is connected to the playback device 100 viathe internet 10. The communication unit 301 establishes an encryptedchannel such as a SAC with the communication unit 110 in the playbackdevice 100, under control of the communication control unit 302. To doso, the communication unit 301 shares a session key with the playbackdevice 100. After establishing the encrypted channel, the communicationunit 301 transfers information between the rights generation unit 303and the playback device 100, under control of the communication controlunit 302.

The rights generation unit 303 receives a request for transmission ofrights from the playback device 100 via the internet 10, thecommunication unit 301, and the communication control unit 302, afterthe establishment of the encrypted channel. The rights generation unit303 responsively generates rights information for the playback device100, encrypts the rights information using the session key, andtransmits the encrypted rights information to the playback device 100via the communication control unit 302, the communication unit 301, andthe internet 10.

The input unit 305 receives an operation from the operator of thelicense server device 300, and outputs the received operation to thecontrol unit 306.

The display unit 304 displays information under control of the controlunit 306.

1.5. Operations of the Content Playback System 1

Operations of the content playback system 1 are described below.

(1) Content Playback Start Operation

FIG. 12 is a flowchart of an operation of the playback device 100 at thestart of content playback.

Upon receiving power from the power supply unit (S103), a playbackoperation from the remote control 112 via the reception unit 106(S101-S102), or a signal indicating detection of insertion of therecording medium 200 from the drive unit 101 (S104-S105), the playbackcontrol unit 102 outputs a content decryption instruction to thedecryption unit 103 (S106). The decryption unit 103 outputs a media keyacquisition instruction to the key control unit 104 (S107). The keycontrol unit 104 outputs a media key generation instruction to the mediakey generation unit 105 (S108).

(2) Media Key Generation Operation by the Media Key Generation Unit 105

FIG. 13 is a flowchart of a media key generation operation by the mediakey generation unit 105.

Upon receiving the media key generation instruction from the key controlunit 104 (S108), the media key generation unit 105 reads the deviceinformation 141 from the device information storage unit 111 (S121).

Next, the media key generation unit 105 attempts to read one set ofmedia information from the media information table 280 on the recordingmedium 200 (S122). If all sets of media information have already beenread from the media information table 280 (S123:YES), the media keygeneration unit 105 outputs media key generation failure notification tothe key control unit 104 (S141), since the same device information asthe device information 141 is not included in the media informationtable 280. The key control unit 104 outputs media key acquisitionfailure notification to the decryption unit 103 (S142). The decryptionunit 103 outputs decryption failure notification to the playback controlunit 102 (S143). The playback control unit 102 terminates the subsequentcontent playback operation (S144).

If any set of media information has not yet been read from the mediainformation table 280 (S123:NO), the media key generation unit 105extracts device information from the read media information (S124), andcompares the extracted device information with the device information141 (S125). If they do not match (S125:NO), the operation returns tostep 5122.

If they match (S125:YES), the media key generation unit 105 reads thedevice key 142 from the device information storage unit 111 (S126). Themedia key generation unit 105 also extracts an encrypted media key fromthe read media information (S127). The media key generation unit 105decrypts the encrypted media key using the device key 142 (S128), andoutputs the decrypted media key to the key control unit 104 (S129). Thekey control unit 104 outputs media key acquisition success notificationto the decryption unit 103 (S130). The decryption unit 103 outputs themedia key acquisition success notification to the playback control unit102 (S131).

(3) Content Playback Control Operation by the Playback Control Unit 102

FIG. 14 is a flowchart of a content playback control operation by theplayback control unit 102.

Upon receiving the media key acquisition success notification from thedecryption unit 103 (5131), the playback control unit 102 reads playbackcontrol information having the playback number “1” from the playbackpath information table 210 (S151). The playback control unit 102extracts a content name from the read playback control information(S152), and instructs the decryption unit 103 to decrypt and play backencrypted content identified by the extracted content name (S153). Afterthis, the playback control unit 102 attempts to extract a next playbacknumber from the playback control information (S154). If the playbackcontrol information has no next playback number (S155:NO), the playbackcontrol unit 102 ends the operation.

If the playback control information has a next playback number(S155:YES), the playback control unit 102 reads playback controlinformation whose playback number matches the extracted next playbacknumber, from the playback path information table 210 (5156). Theplayback control unit 102 extracts a content name from the read playbackcontrol information (S157), and inquires of the rights management unit108 whether encrypted content identified by the extracted content nameis playable (S158).

If the rights management unit 108 judges that the content is unplayable(S159:NO), the playback control unit 102 extracts an alternativeplayback number from the read playback control information (S163). Theplayback control unit 102 then reads playback control information whoseplayback number matches the extracted alternative playback number fromthe playback path information table 210 (S164), and extracts a contentname from the read playback control information (S165).

The playback control unit 102 instructs the decryption unit 103 todecrypt and play encrypted content identified by the extracted contentname (S160). The playback control unit 102 then attempts to extract anext playback number from the playback control information (S161). Ifthe playback control information has no next playback number (S162:NO),the playback control unit 102 ends the operation.

If the playback control information has a next playback number(S162:YES), the playback control unit 102 returns to step 5156.

(4) Content Decryption and Playback Operation by the Decryption Unit 103and the Playback Unit 107

FIG. 15 is a flowchart of a content decryption and playback operation bythe decryption unit 103 and the playback unit 107.

The decryption unit 103 receives a content name and a decryption andplayback instruction from the playback control unit 102 (S170). Thedecryption unit 103 acquires a content key from the key control unit 104(S171), and reads encrypted content identified by the received contentname from the recording medium 200 (S172).

Following this, the decryption unit 103 judges whether the encryptedcontent contains an encrypted button data table (S173). If the encryptedcontent does not contain an encrypted button data table (S173:NO), thedecryption unit 103 decrypts the encrypted content in units of packetsusing the acquired content key, and outputs the decrypted content to theplayback unit 107. The playback unit 107 decodes the decrypted contentto generate digital video and audio data, and generates analog video andaudio signals from the digital video and audio data (S174). The displaydevice 113 outputs the video signal as video and the audio signal assounds (S175).

If the encrypted content contains an encrypted button data table(S173:YES), the decryption unit 103 decrypts the encrypted button datatable using the acquired content key (S181). The decryption unit 103then performs steps S183 to 5188 for each set of button data included inthe decrypted button data table (S182, S189).

The decryption unit 103 extracts a playback number from the button data(S183). The decryption unit 103 reads a content name corresponding tothe extracted playback number from the playback path information table210 via the playback control unit 102 (S184), and inquires of the rightsmanagement unit 108 whether content identified by the content name isplayable (S185). If the content is judged as being playable (S186:YES),the decryption unit 103 extracts unselected data and selected data thatrepresent normal button display, from the button data (S187). If thecontent is judged as being unplayable (S186:NO), the decryption unit 103extracts grayed-out data that represents grayed-out button display, fromthe button data (S188).

The decryption unit 103 then decrypts the encrypted content in units ofpackets using the content key (S190).

The decryption unit 103 outputs the decrypted content to the playbackunit 107. The decryption unit 103 also outputs selected data andunselected data or grayed-out data extracted for each set of buttondata, to the playback unit 107. The playback unit 107 overlays theselected data and unselected data or the grayed-out data on video datato play the content on which the buttons are superimposed. The displaydevice 113 outputs a video signal as video and an audio signal as sounds(S191).

(5) Content Key Acquisition Operation by the Key Control Unit 104

FIG. 16 is a flowchart of a content key acquisition operation by the keycontrol unit 104.

The key control unit 104 receives a content key acquisition instructionand a content name from the decryption unit 103 (S200). The key controlunit 104 reads key control information having the received content namefrom the key control information table 260 on the recording medium 200(S201), and extracts key generation information from the read keycontrol information (S202).

The key control unit 104 judges whether the key generation informationis “00” or not (S203). If the key generation information is “00”(S203:YES), the key control unit 104 extracts content information fromthe key control information (S204), and concatenates the decrypted mediakey received from the media key generation unit 105 and the extractedcontent information in this order. The key control unit 104 applies aone-way function to the concatenation outcome to thereby generate acontent key (S205), and outputs the content key to the decryption unit103 (S209).

If the key generation information is not “00” (3203:NO), the key controlunit 104 acquires a rights key corresponding to content identified bythe received content name from the rights management unit 108 (S206).The key control unit 104 then judges whether the key generationinformation is “01” or “10” (S207). If the key generation information is“10” (S207:NO), the key control unit 104 outputs the rights key to thedecryption unit 103 as the content key (S209).

If the key generation information is “01” (S207:YES), the key controlunit 104 concatenates the decrypted media key and the rights key in thisorder, and applies a one-way function to the concatenation outcome togenerate the content key (S208). The key control unit 104 outputs thecontent key to the decryption unit 103 (S209).

(6) Rights Key Acquisition Operation by the Rights Management Unit 108

FIG. 17 is a flowchart of a rights key acquisition operation by therights management unit 108.

The rights management unit 108 receives a content key and rights modeinformation from the key control unit 104 (S221). The rights managementunit 108 judges whether the rights mode information is “00” or any of“01”, “10”, and “01, 10”, to judge whether any rights mode is specifiedor not (S222).

If a rights mode is specified, that is, if the rights mode informationis any of “01”, “10”, and “01,10” (S222:NO), the rights management unit108 attempts to extract rights information that includes both the rightsmode information and the content name from the rights information table121 in the rights storage unit 109 (S223).

If no rights mode is specified, that is, if the rights mode informationis “00” (S222:YES), the rights management unit 108 attempts to extractrights information that includes the content name from the rightsinformation table 121 (S224).

If one or more sets of rights information are extracted as a result(S225:YES), the rights management unit 108 selects one set of rightsinformation (S226). The rights management unit 108 then judges whetherthe content identified by the content name is playable, based on aplayback count or a playback expiration date included in the selectedrights information (S227).

If the content is judged as being playable (S228:YES), the rightsmanagement unit 108 extracts a rights key from the rights information(5229), and outputs the rights key to the key control unit 104 (S230).

If the content is judged as being unplayable (S228:NO) or if no set ofrights information is extracted (S225:NO), the rights management unit108 ends the operation.

(7) Playability Judgment Operation by the Key Control Unit 104

FIG. 18 is a flowchart of a playability judgment operation by the keycontrol unit 104.

The key control unit 104 receives a content name and a playabilityjudgment instruction from the decryption unit 103 (S241). The keycontrol unit 104 reads key control information having the receivedcontent name from the key control information table 260 on the recordingmedium 200 (S242), and extracts key generation information from the readkey control information (S243).

The key control unit 104 judges whether the key generation informationis “00” (S244). If the key generation information is “00” (S244:YES),the key control unit 104 extracts playability information from the keycontrol information (S245), and judges whether the playabilityinformation is “0” or “1” (5246). If the playability information is “1”(S246: “1”), the key control unit 104 notifies the decryption unit 103that content identified by the content name is playable (S248). If theplayability information is “0” (S246: “0”), the key control unit 104notifies the decryption unit 103 that the content is unplayable (S247).

If the key generation information is not “00” (S244:NO), the key controlunit 104 extracts the playability information from the key controlinformation (S249), and judges whether the playability information is“0” or “1” (S250). If the playability information is “1” (S250: “1”),the key control unit 104 notifies the decryption unit 103 that thecontent is playable (S251). If the playability information is “0” (S250:“0”), the key control unit 104 extracts rights mode information from thekey control information (S252), and outputs a playability judgmentinstruction, the rights mode information, and the content name to therights management unit 108 (S253). The rights management unit 108 judgeswhether the content is playable or not (S254). The key control unit 104receives a judgment result from the rights management unit 108 (S255),and outputs the judgment result to the decryption unit 103 (S256).

(8) Playability Judgment Operation by the Rights Management Unit 108

FIG. 19 is a flowchart of a playability judgment operation by the rightsmanagement unit 108.

The rights management unit 108 receives a playability judgmentinstruction, a content name, and rights node information from the keycontrol unit 104 (S253), and judges whether the rights mode informationis “00” or any of “01”, “10”, and “01,10” (S261). If the rights modeinformation is any of “01”, “10”, and “01,10”, that is, if a rights modeis specified for content identified by the content name (S261:NO), therights management unit 108 attempts to extract rights information thatincludes both the rights mode information and the content name from therights information table 121 in the rights storage unit 109 (S262). Ifthe rights mode information is “00”, that is, if no rights mode isspecified for the content (S261:YES), the rights management unit 108attempts to extract rights information that includes the content namefrom the rights information table 121 (S263).

If one or more sets of rights information are extracted as a result(S264:YES), the rights management unit 108 selects one set of rightsinformation (S266). The rights management unit 108 then judges whetherthe content is playable, based on a playback count or a playbackexpiration date included in the selected rights information (S267). Ifthe content is judged as being playable (S268:YES), the rightsmanagement unit 108 notifies the key control unit 104 that the contentis playable (S269).

If the content is judged as being unplayable (S268:NO), the rightsmanagement unit 108 notifies the key control unit 104 that the contentis unplayable (S265).

If no set of rights information is extracted (S264:NO), the rightsmanagement unit 108 notifies the key control unit 104 that the contentis unplayable (S265).

(9) Operation of Acquiring Rights Information from the License ServerDevice 300

FIG. 20 is a flowchart of an operation of acquiring rights informationfrom the license server device 300.

The communication unit 110 in the playback device 100 establishes anencrypted channel, namely a SAC, with the communication unit 301 in thelicense server device 300 (S301).

The communication unit 110 then requests transmission of rights from thecommunication unit 301 (S302).

The rights generation unit 303 in the license server device 300generates rights information for the playback device 100 (S303), andencrypts the generated rights information (S304). The rights generationunit 303 transmits the encrypted rights information to the playbackdevice 100 via the communication control unit 302, the communicationunit 301, and the internet 10 (S305).

The communication unit 110 decrypts the encrypted rights information(S306), and writes the decrypted rights information to the rightsstorage unit 109 (S307).

1.6. Modifications

Although the present invention has been described by way of the aboveembodiment, it should be obvious that the present invention is notlimited to the above. Example modifications are given below.

(1) The above embodiment describes playback path control according toplayback control information and grayed-out button display, as twoexamples of playback control that is exercised according tolicense-based content playability, though the present invention is notlimited to such. For example, the following modifications (i) to (iii)are possible.

(i) The recording medium 200 may store standard-version content that canbe used by purchasing the recording medium 200, anddirector's-cut-version content that can be used only by furtherpurchasing special rights. In the playback path information table 210shown in FIG. 3, the next playback number 219 designates playbackcontrol information corresponding to the director's-cut-version content,whilst the alternative playback number 220 designates playback controlinformation corresponding to the standard-version content.

Also, the recording medium 200 may store purchase guidance content whichcontains an image for purchase of content, and commercial content whichcontains an advertising message. If the user does not have a license forthe content or the playback expiration date of the content is exceeded,the purchase guidance content or the commercial content is played backmandatorily. Also, an operation of acquiring the license from thelicense server device 300 may be carried out mandatorily.

Furthermore, if the user does not have the license or the playbackexpiration date is exceeded, any of special playback, menu display,angle switching, and stream switching may be prohibited.

(ii) Playback control according to license-based content playability maybe applied to angle switching in DVDs.

In more detail, the recording medium 200 stores a plurality of pieces ofangle content which are subjected to angle switching. These pieces ofangle content are grouped according to playback point. All pieces ofangle content belonging to one angle content group are playable at oneplayback point and so one piece of angle content is selected and playedback at that playback point. All pieces of angle content belonging toanother angle content group are playable at another playback point andso one piece of angle content is selected and played back at thatplayback point. In the playback path information table 210 shown in FIG.3, playback control information corresponding to angle content mayinclude a next playback number that designates angle content to beselected next, and an alternative playback number that designates anglecontent to be selected if the angle content designated by the nextplayback number is unplayable according to license conditions or thelike.

Here, the playback control information may include a plurality of nextplayback numbers. The playback control information may further include aplurality of alternative playback numbers corresponding to the pluralityof next playback numbers.

Information about playability of angle content based on license may bestored, too. In other words, the data structures of the key controlinformation table 260 in FIG. 8 and the rights information table 121 inFIG. 10 can be used in the case of angle switching, too. In this case,each content name in the key control information table 260 and therights information table 121 identifies angle content.

This makes it possible to prohibit switching to an unusable angle.

This modification can be summarized as follows. A plurality of pieces ofangle content which are subjected to angle switching are recorded on therecording medium 200 in advance. The playback control unit 102 in theplayback device 100 receives an instruction to play angle content, andthe rights management unit 108 judges whether the angle content isplayable based on corresponding rights information in the rightsinformation table 121.

Depending on a judgment result of the rights management unit 108, theplayback control unit 102 selects angle content to be played next, froman appropriate angle content group on the recording medium 200. Thedecryption unit 103 and the playback unit 107 decrypt and play theselected angle content.

(iii) Likewise, playback control according to license-based contentplayability may be applied to audio/subtitle stream switching. Thismakes it possible to prohibit switching to an unusable audio/subtitlestream. Audio/subtitle streams referred to here are auxiliary(accessory) content that is played back and output together with videocontent.

The recording medium 200 may store a plurality of pieces of auxiliarycontent which are grouped according to playback point or playbacksection. All pieces of auxiliary content belonging to one auxiliarycontent group are playable at one playback point or playback section.For example, English audio data, Japanese audio data, and Chinese audiodata belong to such an auxiliary content group. At the playback point orplayback section, one of these pieces of auxiliary content is selectedand played back.

Also, all pieces of auxiliary content belonging to another auxiliarycontent group are playable at another playback point or playbacksection.

Suppose English audio data, Japanese audio data, and Chinese audio dataare recorded on the recording medium 200 in correspondence with eachpiece of content, and the use of the English audio data and the Chineseaudio data is permitted by license whereas the use of the Japanese audiodata is not permitted by license. This being the case, the English audiodata may be played back instead of the Japanese audio data.

Also, suppose English subtitle data, Japanese subtitle data, and Chinesesubtitle data are recorded on the recording medium 200 in correspondencewith each piece of content, and only the use of the English subtitledata is permitted by license. This being the case, the English subtitledata may be played back instead of the Japanese or Chinese subtitledata.

Which is to say, when the recording medium 200 stores a plurality ofpieces of auxiliary content, playback control information correspondingto content in the playback path information table 210 includes anauxiliary number for identifying auxiliary content to be played togetherwith the content, and an alternative auxiliary number for identifyingauxiliary content to be played if the auxiliary content identified bythe auxiliary number is unplayable according to license or the like.

Information about playability of auxiliary content according to licensemay be stored, too. In other words, the data structures of the keycontrol information table 260 in FIG. 8 and the rights information table121 in FIG. 10 may be applied to auxiliary content, too. In this case,each content name in the key control information table 260 and therights information table 121 identifies auxiliary content.

This modification can be summarized as follows. A plurality of pieces ofauxiliary content such as audio streams and subtitle streams arerecorded on the recording medium 200. The playback control unit 102 inthe playback device 100 receives an instruction to play auxiliarycontent. The rights management unit 108 judges whether the auxiliarycontent is playable, based on corresponding rights information in therights information table 121. Depending on a judgment result of therights management unit 108, the playback control unit 108 selectsauxiliary content to be played next, from an appropriate auxiliarycontent group on the recording medium 200. The decryption unit 103 andthe playback unit 107 decrypt and play back the selected auxiliarycontent.

(2) The above embodiment describes the case where the key controlinformation table 260 shown in FIG. 8 is stored on the recording medium200 in unencrypted form, but this is not a limit for the presentinvention. To prevent unauthorized playback or copying by tampering withplayability information or copyability information in the key controlinformation table 260, the key control information table 260 may beencrypted or the like. In this case, it is effective to encrypt the keycontrol information table 260 using the media key. Hence the playabilityinformation and the copyability information in the key controlinformation table 260 can be protected from tampering.

(3) The above embodiment describes an example of playing back contentrecorded on the recording medium 200, but the same method can be usedwhen copying the content recorded on the recording medium 200.

Which is to say, when the user requests copying of the content recordedon the recording medium 200, a recording device which has the sameconstruction as the playback device 100 acquires a decrypted media keyin the same way as in FIG. 13. The recording device then judges thecopyability of the content in the same way as in FIG. 14, and copies thecontent to another recording medium if judged as being copyable.

(4) A content recording/playback system 1 b is explained below, as amodification to the above embodiment.

FIG. 21 shows a construction of the content recording/playback system 1b. In the drawing, the content recording/playback system 1 b is roughlymade up of a recording/playback device 100 b and a license server device300 b, which are connected via the internet 10. Also, a recording medium200 b is connected to the recording/playback device 100 b by the user.

The recording medium 200 b stores a media ID 501 unique to the recordingmedium 200 b, beforehand.

The license server device 300 b stores a key K 521, a content key 531,and content 532 beforehand.

The license server device 300 b acquires the media ID 501 from therecording medium 200 b, via the recording/playback device 100 b and theinternet 10 (S401). The license server device 300 b reads the key K 521(S402), and concatenates the media ID 501 and the key K 521 in thisorder to generate a concatenation key K′ 522 (S403).

The license server device 300 b then reads the content key 531, andapplies an encryption algorithm to the content key 531 using theconcatenation key K′ 522 to generate an encrypted content key 533(S404). The license server device 300 b writes the encrypted content key533 to the recording medium 200 b via the internet 10 and therecording/playback device 100 b, as an encrypted content key 511 (S406).The license server device 300 b also reads the content 532, and appliesan encryption algorithm to the content 532 using the content key 531 togenerate encrypted content 534 (S405). The license server device 300 bwrites the encrypted content 534 to the recording medium 200 b via theinternet 10 and the recording/playback device 100 b, as encryptedcontent 512 (S407).

After this, the recording/playback device 100 b reads the media ID 501from the recording medium 200 b (S421), and acquires the key K 521 fromthe license server device 300 b via the internet 10 (S422). Therecording/playback device 100 b concatenates the media ID 501 and thekey K 521 in this order to generate a concatenation key K′ 541 (S423).The recording/playback device 100 b reads the encrypted content key 511from the recording medium 200 b (S424), and applies a decryptionalgorithm to the encrypted content key 511 using the concatenation keyK′ 541 to generate a decrypted content key 542 (S426). Therecording/playback device 100 b also reads the encrypted content 512from the recording medium 200 b (S425), and applies a decryptionalgorithm to the encrypted content 512 using the decrypted content key542 to generate decrypted content 543 (S427). The recording/playbackdevice 100 b plays back the decrypted content 543 (S428), and displaysit (S429).

In this content recording/playback system 1 b, the recording/playbackdevice 100 b writes the encrypted content key 511 and the encryptedcontent 512 to the recording medium 200 b and reads the encryptedcontent key 511 and the encrypted content 512 from the recording medium200 b. However, the present invention is not limited to this.

For example, the content recording/playback system 1 b may include arecording device and a playback device, instead of therecording/playback device 100 b. In this case, the recording devicewrites the encrypted content key and the encrypted content output fromthe license server device 300 b to the recording medium 200 b, and theplayback device reads the encrypted content key and the encryptedcontent from the recording medium 200 b and plays back the encryptedcontent.

(5) The above embodiment describes the case where if content is judgedas being unplayable, the same playback control is uniformly exercisedregardless of why the content is unplayable. This can be modified asfollows.

For instance, different playback control may be performed depending onwhether the user does not have a license for content or a playbackexpiration date of the content is exceeded. If the user does not havethe license, content shown by an alternative playback number is playedback, as in the above embodiment. If the playback expiration date isexceeded, on the other hand, the original content is played back whiledisplaying a message indicating that the playback expiration date isexceeded, or alternatively, purchase guidance content is played back

Also, playback control information in the playback path informationtable 210 may include a next playback number, a first alternativeplayback number, and a second alternative playback number. As oneexample, the first alternative playback number designates playbackcontrol information to be used when the user does not have the license,whilst the second alternative playback number designates playbackcontrol information to be used when the playback expiration date isexceeded. In this case, the playback control unit 102 uses the nextplayback number if the playback of the content is permitted by license,the first alternative playback number if the user does not have thelicense, and the second alternative playback number if the playbackexpiration date is exceeded.

Which is to say, the playback path information table 210 shown in FIG. 3includes both the first alternative playback number and the secondalternative playback number, so that the playback control unit 102 usesan appropriate alternative playback number depending on why the contentis unplayable.

The playback control information may further include a third alternativeplayback number, a fourth alternative playback number, . . . . Theplayback control unit 102 selects an appropriate alternative playbacknumber depending on license conditions.

Also, the rights management unit 108, the rights storage unit 109, andthe communication unit 110 in the playback device 100 may be realized bya removable device such as a card. In this case, if the removable deviceis not connected to the playback device 100, an inquiry made to therights management unit 108 will end up being a failure. Differentplayback control may be exercised in such a case.

(6) The above embodiment describes the case where only the playabilityof content is judged in the content key acquisition operation and therights key acquisition operation, but this is not a limit for thepresent invention.

For example, key control information in the key control informationtable 260 shown in FIG. 8 and rights information in the rightsinformation table 121 shown in FIG. 10 may include playback qualityinformation about a playback quality of a video or audio stream, inaddition to playability information.

Such information may be used in the content key acquisition operationand the rights key acquisition information, as follows. The key controlunit 104 writes playback quality information included in rightsinformation over playback quality information included in correspondingkey control information, to prioritize the former playback qualityinformation over the latter playback quality information. The keycontrol unit 104 outputs the written playback quality information to theplayback unit 107 via the decryption unit 103, and the playback unit 107plays back the content with a playback quality shown by the receivedplayback quality information.

This makes it possible to have the playback unit 107 down-convertcontent from HD to SD or QCIF (Quarter Common Intermediate Format) andplays back the content.

(7) The above embodiment describes the case where rights information inthe rights information table 121 shown in FIG. 10 includes rights modeinformation. According to this construction, however, there is a dangerthat the rights mode information may be tampered with. Different rightsmodes are usually managed by different companies, with there being apossibility that a malicious company may conduct an unauthorized actagainst another company.

This problem can be avoided by digitally signing rights informationwhich includes rights mode information and other data, attaching theresulting signature data to the rights information and other data, andincluding them into a certificate of a signer.

For instance, such a certificate includes a serial number of thecertificate, the rights information including the rights modeinformation, an identification code of the signer, a signed date, anexpiration date of the certificate, and the signature data. Thesignature data is created by digitally signing the serial number, therights information, the identification code, the signed date, and theexpiration date using a private key of the signer.

To use the rights information, the playback device 100 obtains a publickey of the signer, and verifies the signature data and other dataincluded in the certificate using the obtained public key to judgewhether the rights information has been tampered with. Only if therights information has not been tampered with, the playback device 100proceeds to use the rights information.

Also, the key control unit 104 and the rights management unit 108 in theplayback device 100 may perform mutual authentication using a SAC. Ifthe mutual authentication has failed, the key control unit 104 and therights management unit 108 terminate the subsequent informationtransfer. If the mutual authentication has succeeded, the key controlunit 104 and the rights management unit 108 perform the subsequentinformation transfer. Here, the key control unit 104 and the rightsmanagement unit 108 may each be realized by a discrete, removable moduleindependent of the playback device 100.

In such a case, the key control unit 104 may extract the rights modeinformation from the certificate received during the mutualauthentication, and check whether the extracted rights mode informationmatches rights mode information included in corresponding key controlinformation.

When performing the mutual authentication, a CRL (Certificate RevocationList) showing information for identifying invalid modules may be storedin each of the recording medium 200 and the rights storage unit 109.Such a CRL allows each of the key control unit 104 and the rightsmanagement unit 108 to avoid an invalid module.

As an alternative, the key control unit 104 may hold a first moduleidentifier for identifying an invalid module. In this case, the keycontrol unit 104 acquires an identifier for identifying the rightsmanagement unit 108, and judges whether the acquired identifier matchesthe first module identifier. If they match, the key control unit 104refuses to conduct information transfer with the rights management unit108.

Also, the recording medium 200 may store a second module identifier foridentifying an invalid module. In this case, the rights management unit108 reads the second module identifier from the recording medium 200,acquires an identifier for identifying the key control unit 104, andjudges whether the acquired identifier matches the second moduleidentifier. If they match, the rights management unit 108 refuses toconduct information transfer with the key control unit 104.

(8) The above embodiment describes the case where content isunconditionally judged as being unplayable if key control informationcorresponding to the content includes key generation information whichshows “media key” and playability information which shows “unplayable”.However, the present invention is not limited to this. Even when the keygeneration information shows “media key” and the playability informationshows “unplayable”, the key control unit 104 may further inquire of therights management unit 108 whether the content is playable or not.

(9) The above embodiment describes the case where the key controlinformation table 260 is stored on the recording medium 200 separatelyfrom encrypted content, but this is not a limit for the presentinvention.

For example, key control information may be multiplexed with encryptedcontent that is identified by a content name included in the key controlinformation. This clarifies the correspondence between the key controlinformation and the encrypted content, thereby making it unnecessary toinclude the content name in the key control information. The playbackdevice 100 can acquire the key control information by separating it fromthe encrypted content.

Also, the key control information table 260 may be stored on a recordingmedium different from the recording medium 200. Alternatively, the keycontrol information table 260 may be acquired via a network. This isparticularly effective in the case where not all pieces of content arerecorded on one package medium but additional content is separatelyacquired from a network and recorded on an HDD.

(10) The above embodiment describes the case where rights information inthe rights information table 121 shown in FIG. 10 includes a contentname which shows a filename of content, but the present invention is notlimited to this.

As one example, the rights information (also referred to as contractinformation) includes a rights identifier (also referred to as a licenseidentifier or a contract identifier) for identifying the rightsinformation, with the rights identifier being also included incorresponding key control information in the key control informationtable 260 shown in FIG. 8. Based on this rights identifier, the rightsmanagement unit 108 searches for the rights information.

The rights identifier may also be included in corresponding playbackcontrol information in the playback path information table 210 shown inFIG. 3. Through the use of the rights identifier, the playback controlunit 102 can inquire of the rights management unit 108, via thedecryption unit 103 and the key control unit 104, whether the content isplayable or not, and use a judgment result of the rights management unit108.

As can be seen from FIG. 3, the playback control information includes acontent name, i.e., a content identifier for identifying the content.Accordingly, the recording medium 200 may store a correspondence tableof content identifiers and rights identifiers. The playback control unit102 extracts the content identifier from the playback controlinformation, reads the rights identifier corresponding to the extractedcontent identifier from the correspondence table, and uses the rightsidentifier to inquire of the rights management unit 108, via thedecryption unit 103 and the key control unit 104, whether the content isplayable or not.

(11) The above embodiment describes the case where rights information isacquired from the license server device 300, but the present inventionis not limited to this. For instance, the rights information table 121may be stored on the recording medium 200, so that the playback device100 reads the rights information table 121 from the recording medium200. Alternatively, the rights information table 121 may be stored onanother recording medium, so that the playback device 100 reads therights information table 121 from the other recording medium.

(12) The above embodiment describes the case where the functions of theplayback control unit 102, the decryption unit 103, the key control unit104, the media key generation unit 105, and the rights management unit108 in the playback device 100 can be achieved by the CPU operating inaccordance with the computer programs, though this is not a limit forthe present invention. For instance, each of the playback control unit102, the decryption unit 103, the key control unit 104, the media keygeneration unit 105, and the rights management unit 108 may be realizedby separate hardware.

(13) The above embodiment describes a BD as one example of the recordingmedium 200. The BD has a file system such as a UDF (Universal DiskFormat), so that the information recorded on the recording medium 200shown in FIG. 2 is typically treated as one or more files on the filesystem. However, this is not a limit for the present invention.

For instance, the media information table 280 may be stored in aspecific area of a lead-in area of the BD or in a user data area of theBD. Alternatively, the media information table 280 may be stored in aBCA (Burst Cutting Area). Also, the media key may be generated asfollows. An error intentionally created for error detecting code is setas a first media key. Meanwhile, a second media key is encrypted usingdevice information of each playback device and stored in the mediainformation table 280 that is written in the lead-in area or the userdata area. The media key is calculated by applying a one-way function orthe like to the first and second media keys.

Also, identification information unique to the recording medium 200,which is stored in the BCA, may be used as the media key of therecording medium 200. As an alternative, identification informationunique to a title, which is stored in the lead-in area or the user dataarea, may be used as the media key of the recording medium 200. Further,a random value stored in the user data area may be used as the media keyof the recording medium 200.

Also, an MKB (Media Key Block) stored in the lead-in area or the userdata area may be used as information unique to the recording medium 200.

(14) The above embodiment describes the case where rights modeinformation included in key control information in the key controlinformation table 260 shown in FIG. 8 specifies one or more rights modesspecified for corresponding content when key generation information inthe key control information is “10” (rights key) or “01” (compositekey). Meanwhile, the rights mode information does not specify any rightsmode with the value “00”, if the key generation information is “00”(media key). This, however, is not a limit for the present invention.

As one example, the rights mode information “00” indicates a rights modethat depends on a recording medium, whereas the rights mode information“10” or “01” indicates a rights mode that depends on a license. If therights mode information is “00”, the playback device 100 uses a mediakey to generate a content key. If the rights mode information is “10” or“01”, the playback device 100 uses a rights key or a composite key togenerate the content key.

(15) The present invention relates to a terminal for playing back amedium that stores encrypted content, usability of which is determinedaccording to a license, and playback control information for theencrypted content. The terminal includes a usability inquiry unit, aplayback control unit, a license key acquisition unit, and a decryptionunit. The usability inquiry unit inquires whether the encrypted contentis permitted to be used according to the license. The playback controlunit controls playback based on a result of the inquiry by the usabilityinquiry unit and the playback control information. The license keyacquisition unit acquires a license key from the license. The decryptionunit decrypts the encrypted content using the license key acquired bythe license key acquisition unit.

Also, the present invention relates to a terminal for playing back amedium that stores encrypted content, usability of which is determinedaccording to a license, and playback control information for theencrypted content. The playback control information referred to hereincludes at least playback path information for the encrypted content.The terminal includes a usability inquiry unit, a playback control unit,a license key acquisition unit, and a decryption unit. The usabilityinquiry unit inquires whether the encrypted content is permitted to beused according to the license. The playback control unit controls aplayback path based on a result of the inquiry by the usability inquiryunit and the playback control information. The license key acquisitionunit acquires a license key from the license. The decryption unitdecrypts the encrypted content using the license key acquired by thelicense key acquisition unit.

Here, the playback control information may include a content identifierfor identifying the encrypted content. Through the use of this contentidentifier, the usability inquiry unit and/or the license keyacquisition unit can perform the inquiry and/or the license keyacquisition.

Here, the playback control information may include a license identifierfor identifying the license. Through the use of this license identifier,the usability inquiry unit and/or the license key acquisition unit canperform the inquiry and/or the license key acquisition.

Also, the present invention relates to a method for playing back amedium that stores encrypted content, usability of which is determinedaccording to a license, and playback control information for theencrypted content. The method includes a usability inquiry step, aplayback control step, a license key acquisition step, and a decryptionstep. The usability inquiry step inquires whether the encrypted contentis permitted to be used according to the license. The playback controlstep controls playback based on a result of the inquiry by the usabilityinquiry step and the playback control information. The license keyacquisition step acquires a license key from the license. The decryptionstep decrypts the encrypted content using the license key acquired bythe license key acquisition step.

Also, the present invention relates to a method for playing back amedium that stores encrypted content, usability of which is determinedaccording to a license, and playback control information for theencrypted content. The playback control information referred to hereincludes at least playback path information for the encrypted content.The method includes a usability inquiry step, a playback control step, alicense key acquisition step, and a decryption step. The usabilityinquiry step inquires whether the encrypted content is permitted to beused according to the license. The playback control step controls aplayback path based on a result of the inquiry by the usability inquirystep and the playback control information. The license key acquisitionstep acquires a license key from the license. The decryption stepdecrypts the encrypted content using the license key acquired by thelicense key acquisition step.

(16) The present invention relates to a terminal for playing back amedium on which encrypted content and a media key unique to the mediumare stored. The terminal includes a license acquisition unit, a licensekey acquisition unit, a key generation unit, and a decryption unit. Thelicense acquisition unit acquires a license including at least a key fordecrypting the encrypted content. The license key acquisition unitacquires a license key from the license. The key generation unitgenerates a content key from the media key and the license key. Thedecryption unit decrypts the encrypted content using the content key.

Also, the present invention relates to a terminal for playing back amedium on which encrypted content and a media key unique to the mediumare stored. The terminal includes a license acquisition unit, a licensekey acquisition unit, a key generation unit, a usability judgment unit,and a decryption unit. The license acquisition unit acquires a licenseincluding at least a key for decrypting the encrypted content and a usecondition of the encrypted content. The license key acquisition unitacquires a license key from the license. The key generation unitgenerates a content key from the media key and the license key. Theusability judgment unit judges whether the encrypted contentcorresponding to the license is permitted to be used, based on the usecondition. The decryption unit decrypts the encrypted content using thecontent key, if the encrypted content is judged as being permitted to beused.

Also, the present invention relates to a terminal for playing back amedium on which encrypted content, a media key unique to the medium, andprocessing control information are stored. The terminal includes alicense acquisition unit, a license key acquisition unit, a keygeneration unit, a key judgment unit, and a decryption unit. The licenseacquisition unit acquires a license including at least a key fordecrypting the encrypted content. The license key acquisition unitacquires a license key from the license. The key generation unitgenerates a content key from the media key and the license key. The keyjudgment unit judges whether the license key or the content key is to beused for decrypting the encrypted content, based on the processingcontrol information. The decryption unit decrypts the encrypted contentusing the key determined by the key judgment unit.

Here, the processing control information may include a contentidentifier for identifying the encrypted content, and key typeinformation showing whether the license key or the content key is to beused.

Here, the processing control information may be multiplexed with theencrypted content.

Also, the present invention relates to a method for playing back amedium on which encrypted content and a media key unique to the mediumare stored. The method includes a license acquisition step, a licensekey acquisition step, a key generation step, and a decryption step. Thelicense acquisition step acquires a license including at least a key fordecrypting the encrypted content. The license key acquisition stepacquires a license key from the license. The key generation stepgenerates a content key from the media key and the license key. Thedecryption step decrypts the encrypted content using the content key.

Also, the present invention relates to a method for playing back amedium on which encrypted content and a media key unique to the mediumare stored. The method includes a license acquisition step, a licensekey acquisition step, a key generation step, a usability judgment step,and a decryption step. The license acquisition step acquires a licenseincluding at least a key for decrypting the encrypted content and a usecondition of the encrypted content. The license key acquisition stepacquires a license key from the license. The key generation stepgenerates a content key from the media key and the license key. Theusability judgment step judges whether the encrypted contentcorresponding to the license is permitted to be used, based on the usecondition. The decryption step decrypts the encrypted content using thecontent key, if the encrypted content is judged as being permitted to beused.

Also, the present invention relates to a method for playing back amedium on which encrypted content, a media key unique to the medium, andprocessing control information are stored. The method includes a licenseacquisition step, a license key acquisition step, a key generation step,a key judgment step, and a decryption step. The license acquisition stepacquires a license including at least a key for decrypting the encryptedcontent. The license key acquisition step acquires a license key fromthe license. The key generation step generates a content key from themedia key and the license key. The key judgment step judges whether themedia key or the content key is to be used for decrypting the encryptedcontent, based on the processing control information. The decryptionstep decrypts the encrypted content using the key determined by the keyjudgment step.

(17) The present invention relates to a terminal for playing back amedium on which encrypted content and a media key unique to the mediumare stored. The terminal includes a license acquisition unit, a contentkey acquisition unit, a key selection unit, and a decryption unit. Thelicense acquisition unit acquires a license including at least a key fordecrypting the encrypted content. The content key acquisition unitacquires a content key from the license. The key selection unit selectsone of the media key and the content key for decrypting the encryptedcontent. The decryption unit decrypts the encrypted content using thekey selected by the key selection unit.

Also, the present invention relates to a terminal for playing back amedium on which encrypted content, a media key unique to the medium, andkey selection information are stored. The terminal includes a licenseacquisition unit, a content key acquisition unit, a key selection unit,and a decryption unit. The license acquisition unit acquires a licenseincluding at least a key for decrypting the encrypted content. Thecontent key acquisition unit acquires a content key from the license.The key selection unit selects one of the media key and the content keyfor decrypting the encrypted content, based on the key selectioninformation. The decryption unit decrypts the encrypted content usingthe key selected by the key selection unit.

Also, the present invention relates to a terminal for playing back amedium on which encrypted content, a media key unique to the medium, andkey selection information are stored. The terminal includes a licenseacquisition unit, a content key acquisition unit, a key selection unit,a usability judgment unit, and a decryption unit. The licenseacquisition unit acquires a license including at least a key fordecrypting the encrypted content and a use condition of the encryptedcontent. The content key acquisition unit acquires a content key fromthe license. The key selection unit selects one of the media key and thecontent key for decrypting the encrypted content, based on the keyselection information. The usability judgment unit judges whether theencrypted content corresponding to the license is permitted to be used,based on the use condition. The decryption unit decrypts the encryptedcontent using the key selected by the key selection unit, if theencrypted content is judged as being permitted to be used.

Here, the key selection information may include a content identifier foridentifying the encrypted content, and key type information showingwhether the media key or the content key is to be used.

Here, the key selection information may be multiplexed with theencrypted content.

Here, the key selection information may include a license identifier foridentifying the license corresponding to the encrypted content, so thatthe content key acquisition unit can acquire the content key from thelicense identified by the license identifier.

Also, the present invention relates to a method for playing back amedium on which encrypted content and a media key unique to the mediumare stored. The method includes a license acquisition step, a contentkey acquisition step, a key selection step, and a decryption step. Thelicense acquisition step acquires a license including at least a key fordecrypting the encrypted content. The content key acquisition stepacquires a content key from the license. The key selection step selectsone of the media key and the content key for decrypting the encryptedcontent. The decryption step decrypts the encrypted content using thekey selected by the key selection step.

Also, the present invention relates to a method for playing back amedium on which encrypted content, a media key unique to the medium, andkey selection information are stored. The method includes a licenseacquisition step, a content key acquisition step, a key selection step,and a decryption step. The license acquisition step acquires a licenseincluding at least a key for decrypting the encrypted content. Thecontent key acquisition step acquires a content key from the license.The key selection step selects one of the media key and the content keyfor decrypting the encrypted content, based on the key selectioninformation. The decryption step decrypts the encrypted content usingthe key selected by the key selection step.

Also, the present invention relates to a method for playing back amedium on which encrypted content, a media key unique to the medium, andkey selection information are stored. The method includes a licenseacquisition step, a content key acquisition step, a key selection step,a usability judgment step, and a decryption step. The licenseacquisition step acquires a license including at least a key fordecrypting the encrypted content and a use condition of the encryptedcontent. The content key acquisition step acquires a content key fromthe license. The key selection step selects one of the media key and thecontent key for decrypting the encrypted content, based on the keyselection information. The usability judgment step judges whether theencrypted content corresponding to the license is permitted to be used,based on the use condition. The decryption step decrypts the encryptedcontent using the key selected by the key selection step, if theencrypted content is judged as being permitted to be used.

Also, the present invention relates to a medium storing encryptedcontent. The medium also stores a media key unique to the medium, andkey selection information showing whether the encrypted content has beengenerated by performing encryption using the media key or not.

Here, the key selection information may includes a content identifierfor identifying the encrypted content.

Here, the key selection information may include a license identifier foridentifying a license for the encrypted content.

(18) The above embodiment describes the case where one key controlinformation table is stored on the recording medium 200. However, aplurality of key control information tables may be stored on therecording medium 200.

If the recording medium 200 is a recordable or rewritable medium, theuser can add encrypted content to the recording medium 200 which he orshe acquired. When adding the encrypted content, a key controlinformation table corresponding to the added content may need to bestored as well.

In this case, the key control unit 104 searches the plurality of keycontrol information tables on the recording medium 200, for a keycontrol information table that designates encrypted content which is tobe judged as being playable or not. Here, more than one key controlinformation table may designate the encrypted content. In such a case,the key control unit 104 detects the key control information table to bereferenced, according to such a rule that prioritizes a last-stored keycontrol information table.

Further, composite content may be distributed among a plurality ofrecording media. Especially when the recording medium 200 is anon-recordable medium, encrypted content that is added later needs to berecorded to another recording medium. A typical example of the otherrecording medium is an HDD equipped in the playback device 100. Theplayback device 100 records the additional encrypted content to the HDD.In this case too, the key control unit 104 searches a plurality of keycontrol information tables on the plurality of recording media thatstore different parts of the composite content which are related to eachother by links, for a key control information table that is to bereferenced.

(19) The construction elements of each of the above devices may bepartially or entirely implemented by a single system LSI. The system LSIis an ultra-multifunctional LSI manufactured by integrating multiplecomponents on a single chip, and is actually realized by a computersystem that includes a microprocessor, a ROM, and a RAM. A computerprogram is stored on the RAM. Functions of the system LSI can beachieved by the microprocessor operating in accordance with thiscomputer program.

(20) The construction elements of each of the above devices may bepartially or entirely implemented by a removable IC card or a discretemodule. The IC card or module referred to here is a computer system thatincludes a microprocessor, a ROM, and a RAM. The IC card or module maycontain the aforementioned ultra-multifunctional LSI. Functions of theIC card or module can be achieved by the microprocessor operating inaccordance with the computer program. Here, the IC card or module may betamper-resistant.

(21) Each of the above devices is actually a computer system thatincludes a microprocessor, a ROM, and a RAM. A computer program isstored on the RAM. The functions of each device can be achieved by themicroprocessor operating in accordance with this computer program. Thiscomputer program is constituted by a plurality of sets of instructioncode for a computer to realize the predetermined functions.

(22) The present invention also applies to the method described above.This method may be realized by a computer program that is executed by acomputer. Such a computer program may be distributed as a digitalsignal.

The present invention may be realized by a computer-readable storagemedium, such as a flexible disk, a hard disk, a CD-ROM, an MO, a DVD, aDVD-ROM, a DVD-RAM, a BD, or a semiconductor memory, on which the abovecomputer program or digital signal is recorded. Conversely, the presentinvention may also be realized by the computer program or digital signalthat is recorded on such a storage medium.

The computer program or digital signal that achieves the presentinvention may also be transmitted via a network, such as an electroniccommunications network, a wired or wireless communications network, oran internet, or via data broadcasting.

The present invention can also be realized by a computer system thatincludes a microprocessor and a memory. In this case, the computerprogram can be stored in the memory, with the microprocessor operatingin accordance with this computer program.

The computer program or digital signal may be provided to an independentcomputer system by distributing a storage medium on which the computerprogram or digital signal is recorded, or by transmitting the computerprogram or digital signal via a network. The independent computer systemmay then execute the computer program or digital signal to function asthe present invention.

(23) The above embodiment and modifications may be freely combined.

(24) A playback device and playback method for encrypted content and arecording medium on which data used by the above playback device andplayback method is stored, to which the present invention relates, aresuitable for use in content playback of media which contain bothconventional copy-protected content and DRM content, and are thereforeuseful in such fields as package media and content distribution.

INDUSTRIAL APPLICABILITY

The devices and recording medium to which the present invention relatescan be used recurrently and continuously in a content delivery industrythat produces and delivers content. Also, the devices to which thepresent invention relates can be manufactured and sold recurrently andcontinuously in an electrical product manufacturing industry.

1. A content use device for using composite content recorded on arecording medium, the composite content including a plurality of piecesof content that are respectively protected by a plurality of differentprotection methods, the content use device comprising: an acquisitionunit operable to acquire a designation of one of the plurality of piecesof content; a judgment unit operable to judge whether the designatedpiece of content is usable, based on contract information relating touse of the designated piece of content; a determination unit operable todetermine, if one of the plurality of pieces of content is selectedaccording to a result of the judgment by the judgment unit, oneprotection method that corresponds to the selected one piece of contentfrom among the plurality of different protection methods; a decryptionunit operable to decrypt the selected one piece of content based on thedetermined protection method; and an output unit operable to output thedecrypted piece of content.
 2. The content use device of claim 1,wherein if the designated piece of content is judged as being usable andselected the determination unit determines the protection methodcorresonding to the designated piece of content, and if the designatedpiece of content is judged as being not usable and an alternative pieceof content is selected instead of the designated piece of content, thedetermination unit determines one protection method that corresponds tothe selected alternative piece of content from among the plurality ofdifferent protection methods, the alternative piece of content beingincluded in the composite content in correspondence with the designatedpiece of content.
 3. The content use device of claim 2, wherein thecomposite content recorded on the recording medium includes a contentidentifier for identifying the designated piece of content and analternative content identifier for identifying the alternative piece ofcontent, in correspondence with each other, if the designated piece isjudged as being usable and selected by extracting the content identifierfrom the composite content, the determination unit determines theprotection method corresponding to the selected piece of content, and ifthe designated piece is judged as being not usable and the alternativepiece of content is selected by extracting the alternative contentidentifier corresponding to the content identifier from the compositecontent, the determination unit determines the protection methodcorresponding to the alternative piece of content, the decryption unitdecrypts the piece of content identified by the content identifier oralternative content identifier, and the output unit outputs thedecrypted piece of content.
 4. The content use device of claim 1,wherein the judgment unit acquires the contract information, and judgeswhether the designated piece of content is usable based on the acquiredcontract information.
 5. The content use device of claim 4, wherein thecomposite content recorded on the recording medium includes a licenseidentifier for identifying the contract information, and the judgmentunit includes: a contract information storage unit operable to prestorethe license identifier and the contract information in correspondencewith each other; an identifier extraction unit operable to extract thelicense identifier from the composite content; and a judging unitoperable to read the contract information corresponding to the extractedlicense identifier from the contract information storage unit, and judgewhether the designated piece of content is usable based on the readcontract information.
 6. The content use device of claim 4, wherein thecomposite content recorded on the recording medium includes a contentidentifier for identifying the designated piece of content and a licenseidentifier for identifying the contract information, in correspondencewith each other, and the judgment unit includes: a contract informationstorage unit operable to prestore the license identifier and thecontract information in correspondence with each other; an identifierextraction unit operable to extract the license identifier correspondingto the content identifier for identifying the designated piece ofcontent, from the composite content; and a judging unit operable to readthe contract information corresponding to the extracted licenseidentifier from the contract information storage unit, and judge whetherthe designated piece of content is usable based on the read contractinformation.
 7. The content use device of claim 4, wherein the compositecontent recorded on the recording medium includes a content identifierfor identifying the designated piece of content, and the judgment unitincludes: a contract information storage unit operable to prestore thecontent identifier and the contract information in correspondence witheach other; an identifier extraction unit operable to extract thecontent identifier from the composite content; and a judging unitoperable to read the contract information corresponding to the extractedcontent identifier from the contract information storage unit, and judgewhether the designated piece of content is usable based on the readcontract information.
 8. The content use device of claim 1, wherein thecomposite content recorded on the recording medium includes playbackpath information showing a correspondence between the designated pieceof content and a preceding piece of content that is to be outputimmediately before the designated piece of content, and after the outputunit outputs the preceding piece of content, the acquisition unitextracts the playback path information from the composite content, andacquires the designation in accordance with the extracted playback pathinformation.
 9. The content use device of claim 1, wherein the pluralityof pieces of content include a plurality of pieces of angle content thatare used for multi-angle switching, the acquisition unit acquires thedesignation of one of the plurality of pieces of angle content, thejudgment unit judges whether the designated piece of angle content isusable, based on the contract information, and if a group of outputtablepieces of angle content is selected according to the result of thejudgment by the judgment unit and one piece of angle content is selectedfrom the selected group, the determination unit determines theprotection method corresponding to the selected piece of angle content,the decryption unit decrypts the selected piece of angle content basedon the determined protection method, and the output unit outputs thedecrypted piece of angle content.
 10. The content use device of claim 1,wherein the plurality of pieces of content include a plurality of piecesof auxiliary content that are each made up of any of audio data andsubtitle data output together with video data, the acquisition unitacquires the designation of one of the plurality of pieces of auxiliarycontent, the judgment unit judges whether the designated piece ofauxiliary content is usable, based on the contract information, if agroup of outputtable pieces of auxiliary content is selected accordingto the result of the judgment by the judgment unit and one piece ofauxiliary content is selected from the selected group, the determinationunit determines the protection method corressponding to the selectedpiece of auxilia content, the decryption unit decrypts the selectedpiece of auxiliary content based on the determined protection method,and the output unit outputs the decrypted piece of auxiliary content.11. (canceled)
 12. A content use method used in a content use device forusing composite content recorded on a recording medium, the compositecontent including a plurality of pieces of content that are respectivelyprotected by a plurality of different protection methods, the contentuse method comprising steps of: acquiring a designation of one of theplurality of pieces of content; judging whether the designated piece ofcontent is usable, based on contract information relating to use of thedesignated piece of content; determining, if one of the plurality ofpieces of content is selected according to a result of the judgment inthe judging step, one protection method that corresponds to the selectedone piece of content from among the plurality of different protectionmethods; decrypting the selected one piece of content based on thedetermined protection method; and outputting the decrypted piece ofcontent.
 13. A computer program embodied on a non-transitorycomputer-readable storage medium, the computer program being used in acomputer for using composite content recorded on a recording medium, thecomposite content including a plurality of pieces of content that arerespectively protected by a plurality of different protection methods,the computer program comprising program code operable to cause thecomputer to perform a method comprising steps of: acquiring adesignation of one of the plurality of pieces of content; judgingwhether the designated piece of content is usable, based on contractinformation relating to use of the designated piece of content;determining, if one of the plurality of pieces of content is selectedaccording to a result of the judgment in the judging step, oneprotection method that corresponds to the selected one piece of contentfrom among the plurality of different protection methods; decrypting theselected one piece of content based on the determined protection method;and outputting the decrypted piece of content. 14-17. (canceled)